Added rmw_security_common

rmw_security_common/CMakeLists.txt

@@ -0,0 +1,77 @@
+cmake_minimum_required(VERSION 3.5)
+
+project(rmw_security_common)
+
+# Default to C99
+if(NOT CMAKE_C_STANDARD)
+  set(CMAKE_C_STANDARD 99)
+endif()
+
+
+# Default to C++17
+if(NOT CMAKE_CXX_STANDARD)
+  set(CMAKE_CXX_STANDARD 17)
+  set(CMAKE_CXX_STANDARD_REQUIRED ON)
+endif()
+
+if(CMAKE_COMPILER_IS_GNUCXX OR CMAKE_CXX_COMPILER_ID MATCHES "Clang")
+  add_compile_options(-Wall -Wextra -Wpedantic)
+endif()
+
+find_package(ament_cmake REQUIRED)
+find_package(rcutils REQUIRED)
+find_package(rmw REQUIRED)
+
+ament_add_default_options()
+ament_export_dependencies(rcutils)
+
+add_library(${PROJECT_NAME}_library
+  src/security.cpp)
+
+set_target_properties(${PROJECT_NAME}_library
+  PROPERTIES OUTPUT_NAME ${PROJECT_NAME})
+target_link_libraries(${PROJECT_NAME}_library PUBLIC
+  rcutils::rcutils
+  rmw::rmw)
+target_include_directories(${PROJECT_NAME}_library
+  PUBLIC
+  "$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>"
+  "$<INSTALL_INTERFACE:include/${PROJECT_NAME}>")
+
+# Causes the visibility macros to use dllexport rather than dllimport,
+# which is appropriate when building the dll but not consuming it.
+target_compile_definitions(${PROJECT_NAME}_library
+  PRIVATE "RMW_SECURITY_COMMON_BUILDING_LIBRARY")
+
+install(
+  TARGETS ${PROJECT_NAME}_library EXPORT ${PROJECT_NAME}_library
+  ARCHIVE DESTINATION lib
+  LIBRARY DESTINATION lib
+  RUNTIME DESTINATION bin
+)
+
+# Export old-style CMake variables
+ament_export_include_directories("include/${PROJECT_NAME}")
+ament_export_libraries(${PROJECT_NAME}_library)
+
+# Export modern CMake targets
+ament_export_targets(${PROJECT_NAME}_library)
+
+install(
+  DIRECTORY include/
+  DESTINATION include/${PROJECT_NAME})
+
+if(BUILD_TESTING)
+  find_package(ament_lint_auto REQUIRED)
+  find_package(ament_cmake_gmock REQUIRED)
+  ament_lint_auto_find_test_dependencies()
+
+  ament_add_gmock(test_security test/test_security.cpp)
+  if(TARGET test_security)
+    target_link_libraries(test_security
+      ${PROJECT_NAME}_library
+      rcutils::rcutils)
+  endif()
+endif()
+
+ament_package()

rmw_security_common/include/rmw_security_common/security.hpp

@@ -0,0 +1,99 @@
+// Copyright 2021 Open Source Robotics Foundation, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef RMW_SECURITY_COMMON__SECURITY_HPP_
+#define RMW_SECURITY_COMMON__SECURITY_HPP_
+
+#include <string>
+#include <unordered_map>
+
+#include "rcutils/types/string_map.h"
+#include "rmw/types.h"
+#include "rmw_security_common/visibility_control.h"
+
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+/// Get the set of security files in a security enclave.
+/**
+ * This function will look through the passed in 'secure root'
+ * for a set of required filenames that must be in the enclave.
+ * If any of the required filenames are missing, the 'result'
+ * will be empty and the function will return false.
+ * If all of the required filenames are present, then this function
+ * will fill in the 'result' map with a key-value pair of
+ * friendy name -> filename.  If the prefix is not empty, then
+ * the prefix will be applied to the filename.
+ *
+ * The friendly names that this function will currently fill in are:
+ *   IDENTITY_CA
+ *   CERTIFICATE
+ *   PRIVATE_KEY
+ *   PERMISSIONS_CA
+ *   GOVERNANCE
+ *   PERMISSIONS
+ *
+ * \param[in]  prefix An optional prefix to apply to the filenames when storing them.
+ * \param[in]  secure_root The path to the security enclave to look at.
+ * \param[out] result The map where the friendly name -> filename pairs are stored.
+ * \return `true` if all required files exist in the security enclave, `false` otherwise.
+ */
+RMW_SECURITY_COMMON_PUBLIC
+rmw_ret_t get_security_files(
+  const char * prefix,
+  const char * secure_root,
+  rcutils_string_map_t * result);
+  // const std::string & prefix, const std::string & secure_root,
+  // std::unordered_map<std::string, std::string> & result);
+
+/// Get the set of security files in a security enclave.
+/**
+ * This function will look through the passed in 'secure root'
+ * for a set of required filenames that must be in the enclave.
+ * If any of the required filenames are missing, the 'result'
+ * will be empty and the function will return false.
+ * If all of the required filenames are present, then this function
+ * will fill in the 'result' map with a key-value pair of
+ * friendy name -> filename.  If the prefix is not empty, then
+ * the prefix will be applied to the filename.
+ *
+ * The friendly names that this function will currently fill in are:
+ *   IDENTITY_CA
+ *   CERTIFICATE
+ *   PRIVATE_KEY
+ *   PERMISSIONS_CA
+ *   GOVERNANCE
+ *   PERMISSIONS
+ *
+ * \param[in]  supports_pkcs11 Whether the RMW has support for PKCS#11 URIs.
+ * \param[in]  prefix An optional prefix to apply to the filenames when storing them.
+ * \param[in]  secure_root The path to the security enclave to look at.
+ * \param[out] result The map where the friendly name -> filename pairs are stored.
+ * \return `true` if all required files exist in the security enclave, `false` otherwise.
+ */
+RMW_SECURITY_COMMON_PUBLIC
+rmw_ret_t get_security_files_support_pkcs(
+  bool supports_pkcs11,
+  const char * prefix,
+  const char * secure_root,
+  rcutils_string_map_t * result);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif  // RMW_SECURITY_COMMON__SECURITY_HPP_

rmw_security_common/include/rmw_security_common/visibility_control.h

@@ -0,0 +1,58 @@
+// Copyright 2019 Open Source Robotics Foundation, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef RMW_SECURITY_COMMON__VISIBILITY_CONTROL_H_
+#define RMW_SECURITY_COMMON__VISIBILITY_CONTROL_H_
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+// This logic was borrowed (then namespaced) from the examples on the gcc wiki:
+//     https://gcc.gnu.org/wiki/Visibility
+
+#if defined _WIN32 || defined __CYGWIN__
+  #ifdef __GNUC__
+    #define RMW_SECURITY_COMMON_EXPORT __attribute__ ((dllexport))
+    #define RMW_SECURITY_COMMON_IMPORT __attribute__ ((dllimport))
+  #else
+    #define RMW_SECURITY_COMMON_EXPORT __declspec(dllexport)
+    #define RMW_SECURITY_COMMON_IMPORT __declspec(dllimport)
+  #endif
+  #ifdef RMW_SECURITY_COMMON_BUILDING_LIBRARY
+    #define RMW_SECURITY_COMMON_PUBLIC RMW_SECURITY_COMMON_EXPORT
+  #else
+    #define RMW_SECURITY_COMMON_PUBLIC RMW_SECURITY_COMMON_IMPORT
+  #endif
+  #define RMW_SECURITY_COMMON_PUBLIC_TYPE RMW_SECURITY_COMMON_PUBLIC
+  #define RMW_SECURITY_COMMON_LOCAL
+#else
+  #define RMW_SECURITY_COMMON_EXPORT __attribute__ ((visibility("default")))
+  #define RMW_SECURITY_COMMON_IMPORT
+  #if __GNUC__ >= 4
+    #define RMW_SECURITY_COMMON_PUBLIC __attribute__ ((visibility("default")))
+    #define RMW_SECURITY_COMMON_LOCAL  __attribute__ ((visibility("hidden")))
+  #else
+    #define RMW_SECURITY_COMMON_PUBLIC
+    #define RMW_SECURITY_COMMON_LOCAL
+  #endif
+  #define RMW_SECURITY_COMMON_PUBLIC_TYPE
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif  // RMW_SECURITY_COMMON__VISIBILITY_CONTROL_H_

rmw_security_common/package.xml

@@ -0,0 +1,26 @@
+<?xml version="1.0"?>
+<?xml-model href="http://download.ros.org/schema/package_format3.xsd" schematypens="http://www.w3.org/2001/XMLSchema"?>
+<package format="3">
+  <name>rmw_security_common</name>
+  <version>7.5.1</version>
+  <description>Define a common rmw secutiry utils</description>
+
+  <maintainer email="[email protected]">Alejandro Hernandez Cordero</maintainer>
+
+  <license>Apache License 2.0</license>
+
+  <author email="[email protected]">Alejandro Hernandez Cordero</author>
+
+  <buildtool_depend>ament_cmake</buildtool_depend>
+
+  <depend>rcutils</depend>
+  <depend>rmw</depend>
+
+  <test_depend>ament_cmake_gmock</test_depend>
+  <test_depend>ament_lint_auto</test_depend>
+  <test_depend>ament_lint_common</test_depend>
+
+  <export>
+    <build_type>ament_cmake</build_type>
+  </export>
+</package>